Critical Alert 1 Active Exploit Detected Today

CVE-2026-48558 — SimpleHelp Authentication Bypass Vulnerability →

Powered by CVE Watchtower

×

News

Elon Musk Reaches Settlement with Former Twitter Executives Over $128M Severance Lawsuit

Twitter.com retirement, passkey reset Musk Twitter Severance, Lawsuit Settlement

Elon Musk Reaches Settlement with Former Twitter Executives Over $128M Severance Lawsuit

Do Son October 9, 2025

Tesla CEO Elon Musk has reached a settlement in the $128 million lawsuit filed by former Twitter...

APT Meets GPT: China-Aligned UTA0388 Used ChatGPT for Automated, Multilingual Spear-Phishing Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

APT Meets GPT: China-Aligned UTA0388 Used ChatGPT for Automated, Multilingual Spear-Phishing

Do Son October 9, 2025

Volexity has uncovered a sophisticated cyber-espionage operation in which a China-aligned threat actor, tracked as UTA0388, weaponized...

GitLab Patches Two High-Severity Flaws in GraphQL API Affecting Both CE and EE Editions GitLab security updates Duo AI flaw fixed GitLab Runner Hijack, DoS Fix GitLab GraphQL Flaws, CVE-2025-11340 CVE-2024-9693 GitLab vulnerability, XSS

GitLab security updates Duo AI flaw fixed GitLab Runner Hijack, DoS Fix GitLab GraphQL Flaws, CVE-2025-11340 CVE-2024-9693 GitLab vulnerability, XSS

GitLab Patches Two High-Severity Flaws in GraphQL API Affecting Both CE and EE Editions

Do Son October 9, 2025

GitLab has released important updates addressing two high-severity vulnerabilities that impact both its Community Edition (CE) and...

Chaos Ransomware Evolves to C++, Uses Destructive Extortion to Delete Large Files and Hijack Bitcoin Clipboard Chaos-C++ Ransomware, Destructive Extortion

Chaos-C++ Ransomware, Destructive Extortion

Chaos Ransomware Evolves to C++, Uses Destructive Extortion to Delete Large Files and Hijack Bitcoin Clipboard

Do Son October 9, 2025

FortiGuard Labs has identified a new, highly destructive variant of the Chaos ransomware, marking a major shift...

CrowdStrike Releases Fixes for Two Falcon Sensor for Windows Vulnerabilities (CVE-2025-42701 & CVE-2025-42706) LogScale Vulnerability Path Traversal Falcon Sensor File Deletion, CVE-2025-42701 CrowdStrike update crashes - CVE 2025-1146

LogScale Vulnerability Path Traversal Falcon Sensor File Deletion, CVE-2025-42701 CrowdStrike update crashes - CVE 2025-1146

CrowdStrike Releases Fixes for Two Falcon Sensor for Windows Vulnerabilities (CVE-2025-42701 & CVE-2025-42706)

Do Son October 9, 2025

CrowdStrike has released security updates to address two vulnerabilities in its Falcon Sensor for Windows, identified as...

High-Severity Deno Flaw CVE-2025-61787 Allows Command Injection on Windows CVE-2023-28445 Deno Command Injection, CVE-2025-61787

CVE-2023-28445 Deno Command Injection, CVE-2025-61787

High-Severity Deno Flaw CVE-2025-61787 Allows Command Injection on Windows

Do Son October 9, 2025

The Deno project has issued a new security advisory warning of a command injection vulnerability on Windows...

Microsoft Warns: Threat Actors Turn Microsoft Teams into a Weapon for Ransomware, Espionage, and Social Engineering Teams Attack Vector, Entra ID Abuse

Teams Attack Vector, Entra ID Abuse

Microsoft Warns: Threat Actors Turn Microsoft Teams into a Weapon for Ransomware, Espionage, and Social Engineering

Do Son October 9, 2025

Microsoft Threat Intelligence has released an extensive report detailing how both cybercriminals and state-sponsored actors are weaponizing...

Crimson Collective APT Uses Leaked IAM Keys to Hijack AWS Accounts for Data Theft

Crimson Collective APT Uses Leaked IAM Keys to Hijack AWS Accounts for Data Theft

Do Son October 9, 2025

Security researchers at Rapid7 have identified a newly emerging cybercriminal group known as Crimson Collective, which has...

Critical Akka.NET Flaw CVE-2025-61778 (CVSS 9.3) Allows Untrusted Nodes to Join Secure Clusters Akka Remote Authentication Bypass, CVE-2025-61778

Akka Remote Authentication Bypass, CVE-2025-61778

Critical Akka.NET Flaw CVE-2025-61778 (CVSS 9.3) Allows Untrusted Nodes to Join Secure Clusters

Do Son October 9, 2025

The Akka.NET team has issued a critical security advisory for a severe vulnerability in its Akka.Remote module...

Microsoft Ends Local Account Bypass: Windows 11 OOBE Now Requires Microsoft Account Login

C Windows SecureBoot folder KB5089549 Windows 11 BSOD Microsoft Windows, Rust programming WINS Service Deprecation Windows Server DNS Migration Windows Driver Standard OEM Kernel Privileges Windows Agentic OS Task Manager Bug, Windows 11 Performance Windows 11, Microsoft, WinRE, Update Bug, Tech Support Windows 11 OOBE, Microsoft Account Mandatory Windows 11, SSD failures Windows 11 Recovery, Black Screen of Death Windows 11 Update Issue, KB5062324 Windows 11, Indicator Bar

Microsoft Ends Local Account Bypass: Windows 11 OOBE Now Requires Microsoft Account Login

Do Son October 8, 2025

Microsoft has confirmed that in the consumer editions of Windows 11 — including Home and Pro —...

Google Unveils Gemini 2.5 Computer Use: The Next-Gen AI Model That Takes Action on Web Interfaces Gemini Computer Use, Web Automation

Gemini Computer Use, Web Automation

Google Unveils Gemini 2.5 Computer Use: The Next-Gen AI Model That Takes Action on Web Interfaces

Do Son October 8, 2025

Google has unveiled a preview of its next-generation AI model, Gemini 2.5 Computer Use, a system that...

Epic Games Victory: Supreme Court Denies Google’s Appeal, Forcing Play Store Policy Overhaul by Oct 22

Google Self-Preferencing Fine Idealo Antitrust Damages Anthropic, Google TPUs Google DMA Compliance, Search Self-Preferencing Google Play Store Ruling, Epic Games Victory Google fine, ad tech Google lawsuit, privacy violation Gmail security, false alarm Google Play EU regulation Google Security, Phone Number Leak Google 2025 - Google China’s Anti-Monopoly Law Google monopoly, ad tech Pixel 7a battery, battery swelling

Epic Games Victory: Supreme Court Denies Google’s Appeal, Forcing Play Store Policy Overhaul by Oct 22

Do Son October 8, 2025

In response to Google’s recent request to postpone enforcement of the injunction and seek a comprehensive review,...

Qualcomm Acquires Arduino to Drive Edge AI and Unveils UNO Q Dual-Brain Development Board Qualcomm Arduino, Edge AI

Qualcomm Arduino, Edge AI

Qualcomm Acquires Arduino to Drive Edge AI and Unveils UNO Q Dual-Brain Development Board

Do Son October 8, 2025

Qualcomm has announced its acquisition of Arduino, the globally renowned open-source hardware and software platform — a...

Microsoft Signs 100 MW Solar PPA with Shizen Energy to Power AI in Japan

HTTP.sys RCE vulnerability, Windows HTTP stack exploit, CVE-2026-47291 Netlogon RCE vulnerability Exploited in the wild Secure Boot certificate renewal 2026, Windows 11 UEFI update Community-First AI Infrastructure, Microsoft self-funding energy mandate aka.ms/aoh online portal CVE-2025-55681, Windows DWM Elevation Windows Administrator Protection, CVE-2025-60718 Microsoft AI Compute, IREN Infrastructure Microsoft Japan PPA, Renewable Energy Microsoft AI Investment, Cloud Expansion Microsoft Azure, Startup Credits Infinite Workday, AI in Work Microsoft Russia, Bankruptcy AI code generation, Microsoft AI Microsoft Layoffs, Restructuring

Microsoft Signs 100 MW Solar PPA with Shizen Energy to Power AI in Japan

Do Son October 8, 2025

Microsoft continues to advance its renewable energy transition in Japan, having recently confirmed the signing of three...

Meta Unveils “Candle” Submarine Cable: The Largest 570 Tbps Data Network for Asia-Pacific AI Meta Submarine Cable, Candle System

Meta Submarine Cable, Candle System

Meta Unveils “Candle” Submarine Cable: The Largest 570 Tbps Data Network for Asia-Pacific AI

Do Son October 8, 2025

Meta has announced its investment in the construction of a new submarine cable system, “Candle,” which will...

Evernote Relaunches as AI-First Note App with Semantic Search and OpenAI Assistant Evernote AI, Semantic Search

Evernote AI, Semantic Search

Evernote Relaunches as AI-First Note App with Semantic Search and OpenAI Assistant

Do Son October 8, 2025

Once the defining name in note-taking applications, Evernote had seen its presence wane in recent years. Yet...

Critical AWS VPN Client Flaw CVE-2025-11462 (CVSS 9.3) Allows Root Privilege Escalation on macOS

Motorola Smart Feed redirect Anthropic Amazon 5GW partnership Amazon Perplexity lawsuit AWS-LC Vulnerabilities Cryptographic Bypass AWS Middle East drone strikes Amazon layoffs 2026, Amazon AI restructuring Amazon Kindle DRM Policy, Publisher Control EPUB AWS Nova Forge AI Model Customization AWS Trainium3 EC2 Trn3 UltraServer Route 53 Accelerated Recovery AWS DNS Resilience AI Browser War, Amazon Comet Amazon layoffs, cost reduction AWS outage, DynamoDB DNS AWS outage, cloud dependency AWS VPN Client, Root Privilege Escalation WSA shutdown, Amazon Appstore Amazon Wondery, Podcast Restructuring Amazon Q2 2025 Generative AI AWS Client VPN, Privilege Escalation Amazon AI, Wearable AI

Critical AWS VPN Client Flaw CVE-2025-11462 (CVSS 9.3) Allows Root Privilege Escalation on macOS

Do Son October 8, 2025

Amazon Web Services (AWS) has released an important security bulletin warning users of a critical local privilege...

Critical Nagios Flaw CVE-2025-44823 (CVSS 9.9) Leaks Plaintext Admin API Keys, PoC Available Nagios Critical Flaw, Admin Key Leak Nagios XI Vulnerabilities

Nagios Critical Flaw, Admin Key Leak Nagios XI Vulnerabilities

Critical Nagios Flaw CVE-2025-44823 (CVSS 9.9) Leaks Plaintext Admin API Keys, PoC Available

Do Son October 8, 2025

Security researchers have identified two critical vulnerabilities in Nagios Log Server, the enterprise log management solution widely...

Zimbra XSS Zero-Day (CVE-2025-27915) Actively Exploited; CISA Adds to KEV Catalog State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

Zimbra XSS Zero-Day (CVE-2025-27915) Actively Exploited; CISA Adds to KEV Catalog

Do Son October 8, 2025

A cross-site scripting (XSS) vulnerability in Synacor Zimbra Collaboration Suite (ZCS) — tracked as CVE-2025-27915 — has...

OpenSSH Flaw (CVE-2025-61984) Allows Remote Code Execution via Usernames CVE-2023-48795 - Terrapin Attack OpenSSH RCE, ProxyCommand Injection

CVE-2023-48795 - Terrapin Attack OpenSSH RCE, ProxyCommand Injection

OpenSSH Flaw (CVE-2025-61984) Allows Remote Code Execution via Usernames

Do Son October 8, 2025

Security researcher David Leadbeater has disclosed a vulnerability in OpenSSH, identified as CVE-2025-61984, which highlights how even...

🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

CVE-2026-48558CVSS 10.0
SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication...
Admin intelCISA KEV📅 Added to KEV: Jun 29, 2026📅 Updated: Jun 29, 2026
CVE-2026-46817CVSS 9.8
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected...
Admin intel📅 Updated: Jun 29, 2026
CVE-2026-28496CVSS 9.4
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template...
Admin intel📅 Updated: Jun 25, 2026
CVE-2026-12569
A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The...
CISA KEV📅 Added to KEV: Jun 25, 2026
CVE-2025-67038CVSS 9.8
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write...
CISA KEV📅 Added to KEV: Jun 23, 2026
CVE-2026-34908CVSS 10.0
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi...
CISA KEV📅 Added to KEV: Jun 23, 2026
CVE-2026-34909CVSS 10.0
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS...
CISA KEV📅 Added to KEV: Jun 23, 2026
CVE-2026-34910CVSS 10.0
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi...
CISA KEV📅 Added to KEV: Jun 23, 2026